[imp] mysql->quote problem with IMP and Turba

Jeff Tucker jefft@wciatl.com
Tue, 09 Oct 2001 23:09:38 -0400
Previous message: mysql->quote problem with IMP and Turba
Next message: [imp] mysql->quote problem with IMP and Turba
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
--On Tuesday, October 09, 2001 6:17 PM -0400 Jeff Tucker <jefft@wciatl.com> 
wrote:

>
> What I found was that IMP was not generating valid MySQL requests.
> Specifically, the strings were not being quoted correctly. Strings
> weren't getting any quotes at all. In my log, I get entries like:
>

OK, answering my own question here.

In the file horde/lib/Prefs/sql.php, I find the representative code:
        $query = 'select pref_scope, pref_name, pref_value from ';
        $query .= $this->params['table'] . ' ';
        $query .= 'where pref_uid = ' . $this->db->quoteString($this->user);
        $query .= ' and (pref_scope = ' . 
$this->db->quoteString($this->scope);
        $query .= " or pref_scope = 'horde') order by pref_scope";

How can this possibly work? quoteString is designed to return a string 
which is escaped for SQL purposes but has no quotes around it. That means 
that this query is built without quotes around any of the string variables. 
At least on my version of MySQL, that fails.

If I replace all instances of quoteString with simply quote, this starts 
working because the SQL query has quotes around the string constants.

I can't be the only one using MySQL, so I have this nagging feeling I'm 
missing something. Still, I have all the latest CVS version from about two 
days ago and it simply doesn't work on my machine.

Thanks
Jeff

-- 
Jeff Tucker
Williams Consulting, Inc.
jefft@wciatl.com


>From chuck@horde.org Date: Tue,  9 Oct 2001 23:11:39 -0400
Return-Path: <chuck@horde.org>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 48716 invoked from network); 10 Oct 2001 03:12:13 -0000
Received: from h00104bc60b3c.ne.mediaone.net (HELO marina.horde.org) (24.91.198.7)
  by clark.horde.org with SMTP; 10 Oct 2001 03:12:13 -0000
Received: by marina.horde.org (Postfix, from userid 33)
	id 51A593D7B; Tue,  9 Oct 2001 23:11:39 -0400 (EDT)
Received: from 192.168.0.160 ( [192.168.0.160])
	as user chuck@localhost by marina.your.mom with HTTP;
	Tue,  9 Oct 2001 23:11:39 -0400
Message-ID: <1002683499.3bc3bc6b2a134@marina.your.mom>
Date: Tue,  9 Oct 2001 23:11:39 -0400
From: Chuck Hagenbuch <chuck@horde.org>
To: imp@lists.horde.org
References: <455363217.1002651477@[192.168.0.71]>
In-Reply-To: <455363217.1002651477@[192.168.0.71]>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs
Subject: Re: [imp] mysql->quote problem with IMP and Turba

Quoting Jeff Tucker <jefft@wciatl.com>:

> What I found was that IMP was not generating valid MySQL requests. 
> Specifically, the strings were not being quoted correctly. Strings weren't 
> getting any quotes at all. In my log, I get entries like:

Alright... it sounds like you have an older Horde, and a newer Turba? Maybe? 
>From what you say, Turba is calling $this->db->quote(), whereas Horde is 
calling quoteString()?

On second thought, even that doesn't really make sense. Everything works for me 
with the latest cvs of PEAR, latest Horde and IMP. If those are the versions 
you have, unmodified, then we'll dig, but I'm guessing it's a version mismatch 
somewhere.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"What was and what may be lie, like children whose faces we cannot see, in the 
arms of silence. All we ever have is here, now." - Ursula K. Le Guin


>From chuck@horde.org Date: Tue,  9 Oct 2001 23:14:06 -0400
Return-Path: <chuck@horde.org>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 49598 invoked from network); 10 Oct 2001 03:14:41 -0000
Received: from h00104bc60b3c.ne.mediaone.net (HELO marina.horde.org) (24.91.198.7)
  by clark.horde.org with SMTP; 10 Oct 2001 03:14:41 -0000
Received: by marina.horde.org (Postfix, from userid 33)
	id 0F7EC3D7B; Tue,  9 Oct 2001 23:14:07 -0400 (EDT)
Received: from 192.168.0.160 ( [192.168.0.160])
	as user chuck@localhost by marina.your.mom with HTTP;
	Tue,  9 Oct 2001 23:14:06 -0400
Message-ID: <1002683646.3bc3bcfedbb8b@marina.your.mom>
Date: Tue,  9 Oct 2001 23:14:06 -0400
From: Chuck Hagenbuch <chuck@horde.org>
To: imp@lists.horde.org
References: <455363217.1002651477@[192.168.0.71]> <377184507.1002668978@[192.168.2.12]>
In-Reply-To: <377184507.1002668978@[192.168.2.12]>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs
Subject: Re: [imp] mysql->quote problem with IMP and Turba

Quoting Jeff Tucker <jefft@wciatl.com>:

> I can't be the only one using MySQL, so I have this nagging feeling I'm
> missing something. Still, I have all the latest CVS version from about two 
> days ago and it simply doesn't work on my machine.

Well, for whatever reason, you don't. This is the latest version:

http://cvs.horde.org/co.php/horde/lib/Prefs/sql.php

And this is the diff - about two months ago - where I changed quoteString() to 
quote():

http://cvs.horde.org/diff.php/horde/lib/Prefs/sql.php?r1=1.21&r2=1.22&f=h

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"What was and what may be lie, like children whose faces we cannot see, in the 
arms of silence. All we ever have is here, now." - Ursula K. Le Guin
Previous message: mysql->quote problem with IMP and Turba
Next message: [imp] mysql->quote problem with IMP and Turba
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]